Gateway-based anti-theft security system and method

ABSTRACT

Improved systems and techniques are disclosed for controlling the security states of anti theft security systems such as product display assemblies using security fobs. The tasks relating to fob authentication are offloaded to a computer system, and these authentications can be based on identifiers for the different security fobs. The computer system can maintain a list of identifiers for authorized security fobs that is easily updated when new security fobs are added to or existing security fobs are de-authorized from the system.

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS

This patent application is a continuation of U.S. application Ser. No. 16/744,769, filed Jan. 16, 2020, which is a continuation of U.S. patent application Ser. No. 15/883,318 filed Jan. 30, 2018. U.S. Pat. No. 10,540,872, issued Jan. 21, 2020, which is a divisional of U.S. patent application Ser. No. 15/488,379 filed Apr. 14, 2017, U.S. Pat. No. 9,892,604, issued Feb. 13, 2018, which claims priority to (1) U.S. provisional patent application Ser. No. 62/323,511, filed Apr. 15, 2016 and (2) U.S. provisional patent application Ser. No. 62/323,466, filed Apr. 15, 2016, the entire disclosures of each of which are incorporated herein by reference.

This patent application is also related to (1) U.S. patent application Ser. No. 15/488,383 filed Apr. 14, 2017”, (2) U.S. patent application Ser. No. 15/488,370 filed Apr. 14, 2017, and (3) U.S. patent application Ser. No. 15/488,373 filed Apr. 14, 2017.

INTRODUCTION

Many products such as electronic devices (particularly hand-held electronics such as smart phones, tablet computers, digital cameras, etc.) are displayed in retail stores at individual post positions on countertop or wall-rack displays. A product display assembly at each post position is typically employed to facilitate the presentation of these products to customers. The product display assembly typically includes a puck assembly and a base assembly. A product such as an electronic device is mounted on a surface of the puck assembly, and the puck assembly engages with the base assembly when the puck assembly is at rest. To accommodate a capability for a customer to hold or take a closer look at the electronic device, the puck assembly can be lifted from its rest position. A tether may be employed to keep the puck assembly connected with the base assembly when the puck assembly is in the lift position, but this need not necessarily be the case.

Product display assemblies typically include security systems that will trigger alarms when actions such as an improper removal of the product from the puck assembly or an improper movement of the puck assembly occur. These security systems are often configured to be switchable between an armed state and a disarmed state. When in an armed state, the security system will trigger an alarm when unauthorized actions occur. When in a disarmed state, the security system is disabled.

Hand-carried keys have been developed that allow retail store personnel to arm or disarm the security systems of the product display assemblies. These keys can be referred to as “key fobs” or “security fobs”. With a conventional security fob, the security fob and the product display assembly are programmed to have matching codes (an “arm/disarm” code). This programmable code effectively turns the security fob into an electronic key that fits an electronic lock on the product display assembly so that the security fob can arm or disarm the product display assembly's security system.

However, this conventional approach to security fobs results in a practical problem that relates to the turnover in personnel at a retail store. To reduce the risk of a security fob being used in an unauthorized manner, retail store managers desire a mechanism for controlling which security fobs are authorized to control the security states of one or more product display assemblies. As an example, when an employee discontinues employment, a store manager will need to delete, reset, and/or reprogram the code in the security fob that had been used by that discontinued employee. A similar reprogramming effort may be needed for the product display assemblies in the store as well. Given the relative frequency of changes in store personnel, this need for frequent reprogramming efforts leads to inefficiency.

To solve these problems of inefficiency, disclosed herein are solutions where authentication tasks are performed by a computer system such as a server that is remote from the security fobs and the product display assemblies. A security fob that is to be used for controlling the security status of a product display assembly can communicate its identifier to the computer system, whereupon the computer system will make a determination based on the communicated identifier as to whether the security fob is authorized for controlling the product display assembly's security status. The computer system can maintain a list of authorized security fob identifiers to facilitate this authentication task. If the computer system determines that the security fob is authorized, an authorization signal can be provided to the security fob that will cause the security fob to provide a code to the product display assembly that is effective to control the product display assembly's security status. In this fashion, the computer system can serve as an authentication gateway for security fobs.

Moreover, with respect to an example embodiment, the product display assemblies need not necessarily know the identifiers for the authorized security fobs. Instead, the same common code for controlling security status can be shared by multiple security fobs and used to control security status for a plurality of product display assemblies. When the need arises to de-authorize an existing security fob or authorize a new security fob, these acts can be accomplished by updating the authorization list that is maintained by the computer system. Accordingly, the nature of interactions between security fobs and product display assemblies need not change as the population of authorized security fobs changes.

Also disclosed herein is a technique for permitting a security fob to perform a limited number of security control operations with respect to a product display assembly regardless of whether there has been an authentication of that security fob by the computer system. As an example, one or more override tokens can be stored on a security fob. If the security fob is unable to establish a communication link with the computer system, the security fob can still provide the security code to the product display assembly so long as it has at least one stored override token. Each time an override token is used in this manner, the security fob would decrement its count of override tokens. Such an arrangement provides a level of failsafe operations when there is a need to control the security status of a product display assembly in situations when a wireless network or the like that links the security fobs with the computer system might be down.

These and other features and advantages of the present invention will be described hereinafter to those having ordinary skill in the art.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 discloses an example embodiment of a gateway-based authorization system for security fobs.

FIG. 2 shows an example embodiment of a security fob.

FIGS. 3A-F show example embodiments of a product display assembly.

FIGS. 3G-H show example embodiments of a puck assembly.

FIG. 4 shows an example embodiment of a computer system that provides an authentication service for security fobs.

FIG. 5 depicts an example of a process flow for a system in accordance with an example embodiment.

FIG. 6 depicts an example process flow for a software program for execution by the processor of a security fob to facilitate authorization.

FIG. 7 depicts an example process flow for a software authentication program for execution by the processor of the computer system of FIG. 4.

FIG. 8 depicts an example process flow for execution at least in part by a processor within security circuitry to control security status for a product display assembly in response to a security fob.

FIGS. 9A and 9B depict examples of how an authorization list maintained by the computer system can be managed.

FIG. 10 depicts an example of a process flow for a system in accordance with another example embodiment.

FIG. 11 depicts an example system diagram for carrying out the process flow of FIG. 10.

FIG. 12 depicts another example process flow for a software program for execution by the processor of a security fob to facilitate authorization.

FIG. 13 depicts another example process flow for execution at least in part by a processor within security circuitry to control security status for a product display assembly in response to a security fob.

FIG. 14 depicts another example process flow for a software authentication program for execution by the processor of the computer system of FIG. 4.

FIG. 15 depicts another example process flow for a software program for execution by the processor of a security fob to facilitate authorization.

FIG. 16 depicts another example process flow for execution at least in part by a processor within security circuitry to control security status for a product display assembly in response to a security fob.

FIG. 17 depicts another example process flow for a software authentication program for execution by the processor of the computer system of FIG. 4.

FIG. 18 discloses an example embodiment of a gateway-based authorization system for security fobs that can use the process flows of FIGS. 12-14.

FIG. 19 discloses an example embodiment of a gateway-based authorization system for security fobs that can use the process flows of FIGS. 15-17.

FIGS. 20-25 disclose example embodiments of security and related circuitry.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

FIG. 1 discloses an example embodiment of a gateway-based authorization system for security fobs. The system can include a product display assembly 100 for cooperation with one or more security fobs 110 and a computer system 120.

The product display assembly 100 can serve as an anti-theft security system, and it can be used for presenting a product such as an electronic device 106 to consumers in a secure manner. As mentioned, examples of suitable electronic devices 106 can include hand-held consumer electronics such as smart phones, tablet computers, digital cameras, etc. The product display assembly 100 can include a security sensor 102 and security circuitry 104 that cooperate with each other to generate a security condition signal in response to detecting an event relating to a removal of the electronic device 106 from the product display assembly 100. The security circuitry 104 is controllable to be switchable between an armed state and a disarmed state based on receipt of a security code 116 from a security fob 110.

It should be understood that the security code 116 does not serve to uniquely identify a security fob 110. Instead, the security code 116 is a code that controls a security status for the security circuitry 104, where this security code 116 can be shared by several security fobs 110. As an example, the security code 116 can be a single toggle code that toggles the security circuitry 104 between an armed state and a disarmed state. However, the security code 116 may take the form of different codes based on a desired function (e.g., a first code for arming the security circuitry 104, a second code for disarming the security circuitry 104, etc.) if desired by a practitioner. Thus, it should be understood that security fobs 110 shown in FIG. 1 can be configured to generate a common security code 116 for use in controlling a security status for the security circuitry 104. As such, the security code 116 can be characterized as a security command that is used to control the security circuitry 104.

To authenticate security fobs, a computer system 120 is employed to communicate with the security fobs 110 and execute an authentication program 122. Each security fob can communicate an identifier 112 for that security fob to the computer system 120, and the computer system 120 can execute its authentication program 122 that matches the received fob identifier 112 against one or more fob identifiers on an authorization list 124. If the received fob identifier 112 matches a fob identifier on the authorization list 124, this means that the security fob in question is an authorized security fob, and the computer system 120 can communicate an authorization signal 114 to that security fob 110. In response to receipt of the authorization signal 114, the security fob 110 provides the security code 116 to the security circuitry 104. Accordingly, it should be understood that the security fob 110 is configured to condition its output of the security code 116 on receipt of an authorization signal 114 from the computer system 120.

In this fashion, the product display assembly 100 need not receive or process any unique identifiers for security fobs in order to assess whether a security fob is authorized to control the security status for the security circuitry 104. To control which security fobs 110 are authorized to control security status, a user needs to only update the authorization list 124 maintained by the computer system 120. Thus, as employees start or discontinue their employment at a retail store, no changes need to be made to the manner by which the security fobs 110 interact with the product display assembly 100 (e.g., the same security code 116 can continue being used); a manager needs to only change which security fob identifiers are included in the authorization list 124.

FIG. 2 shows an example embodiment of a security fob 110. The security fob 110 can take the form of a hand-held object that is capable of communicating with a product display assembly 100 and the computer system 120. The security fob can exhibit any of a number of shapes as would be understood by a practitioner. For example, the security fob 110 can be shaped in a manner similar to small hand-held thumb drives and the like. As another example, the security fob 110 can be shaped in a manner similar to a disk, a cylinder, or keyless entry devices for vehicles. In still other example embodiments, the security fob 110 can take the form of a badge or card or even a wireless computing device such as a smart phone or tablet computer (examples of which are discussed below).

The security fob 110 can include an interface 200, processor 202, memory 204, wireless I/O 206, and one or more lights 208 such as one or more light emitting diodes (LEDs), each enclosed or partially enclosed within a housing of some fashion such as a plastic or composite shell. These components can be configured to communicate with each other over a bus or similar interconnection. Furthermore, it should be understood that the security fob 110 need not necessarily include all of the components shown in FIG. 2; for example, a practitioner may choose to employ a security fob that does not include any light(s) 208. Likewise, it should also be understood that the security fob 110 may include additional components not shown in FIG. 2 (e.g., a power storage device such as a battery and/or one or more capacitors may be included with the security fob 110; and/or user input devices such as one or more buttons, etc. may be included with the security fob 110).

Through interface 200, the security fob 110 can communicate with the product display assembly 100. As an example, the interface 200 can be a physical connector for detachably connecting the security fob 110 with the product display assembly 100. As another example, the interface 200 can be a wireless connector for wirelessly connecting the security fob 110 with the product display assembly. The interface 200 can be any type of interface suitable for interfacing the security fob 110 with a complementary interface of the product display assembly 100 for the purposes described herein. For example, in embodiments where the interface 200 is a physical connector, this physical connector can be a physical connector that is compliant with a standard such the Universal Serial Bus (USB) standard (e.g., a mini-USB connector).

The processor 202 and memory 204 can be any hardware devices suitable for performing the operations described herein. As an example, the processor 202 can take the form of an Atmel SAMD21 microprocessor. The memory 204 can be integral to processor 202 and/or external to the processor 204.

The memory 204 can store the identifier 112 for the security fob 110. This identifier 112 is preferably a unique identifier (IUD) that distinguishes the subject security fob 110 from other security fobs 110 within the system. This uniqueness can be uniqueness across a system such as within a given retail store or it can be uniqueness across a wider system (e.g., a chain of retail stores). At its widest extent, the uniqueness can be universal, in which case the UID can take the form of a universal UID (QUID). An example UUID code can be a multi-bit code (e.g., a 128-bit code), with a certain number (or set) of bits allocated to identify the manufacturer, another set of bits allocated to other information (for example, the time or date that the UUID code was burned onto the memory chip), and a third set of bits allocated for expressing a uniquely generated random number. Accordingly, the fob QUID 112 operates like a unique serial number and specifically identifies only one security fob 110.

The memory 204 can also store the security code 116. As noted above, the security code 116 is a code that controls a security status for the security circuitry 104. An example security code 116 can be a multi-bit code that is known by the security circuitry 104 such that receipt of the security code 116 by the security circuitry 104 from the security fob 110 causes a change in the security status of the security circuitry 104. In an example embodiment, the security code 116 can be a single code that toggles the security status of the security circuitry 104 (a “toggle” code, e.g., for toggling the security circuitry 104 between an armed state and a disarmed state). However, as explained above, it should be understood that the security code 116 could also take the form of different codes based on a desired function. For example, the security code 116 could include a first code for arming the security circuitry 104 and a second code for disarming the security circuitry 104). User control over which code is being used at a given time can be provided through a button or the like on the security fob 110. As another example, the security code 116 could also include a third code for clearing an alarm for the security circuitry. As yet another example, the security code 116 could include a first code for toggling between arming and disarming the security circuitry 104 and a second code for clearing an alarm for the security circuitry.

It should be understood that, unlike the fob identifiers 112 which will be different for each security fob 110 in the system, the security code 116 can be shared by all of the security fobs 110 in the system. Accordingly, because the security code 116 can be shared by multiple security fobs 110, there will be a minimal, negligible, or even non-existent need to reprogram the security fobs 110 and/or product display assemblies 100 with respect to the security code 116 as employees begin or end employment with a store.

The memory 204 can also store one or more software programs 214 for execution by processor 202. The software program(s) 214 can take the form of a plurality of processor-executable instructions that are resident on a non-transitory computer-readable storage medium such as memory 204. Example embodiments of software programs 214 are described below with reference to FIGS. 6, 12, and 15. Of note, software program 214 can be configured to condition any release or output of the security code 116 by the security fob 110 on the security fob receiving an appropriate authorization signal as discussed hereinafter.

The wireless I/O 206 provides wireless connectivity with remote systems such as computer system 120. The wireless I/O 206 can be any wireless communication device suitable for performing the operations described herein. As an example, the wireless I/O 206 can take the form of an Atmel AT86RF212B RF transceiver. Wireless transmissions can operate in any frequency range suitable for wireless communications. As an example, the wireless transmissions can operate in the 902 Mhz to 928 Mhz band which can enhance range and penetration. An example embodiment of a wireless network used by the system can support multiple channels (e.g., 10 channels with 2Meg bandwidths) for optional environmental interference tweaking.

The light(s) 208 can take the form of any light source suitable for performing the operations described herein. As an example, the light(s) 208 can be a single LED that becomes illuminated whenever the security fob 110 successfully controls the security status of the security circuitry 104. As another example, the light(s) 208 can be multiple LEDs (which may be LEDs of different colors) that will be used to indicate to a user whether the security fob has been approved as an authorized security fob by computer system 120 (an illumination of a first LED) and to indicate a successful controlling action with respect to the security circuitry 104 (an illumination of a second LED). It should be understood that other combinations are possible to indicate different events if desired by a practitioner.

FIGS. 3A-C show various example embodiments of different types of product display assemblies 100 that can be used with the system. As noted above, the product display assembly 100 can include a puck assembly 302 and a base assembly 304. Electronic device 106 can be mounted on surface 306 of the puck assembly 302 so that the electronic device 106 can be securely displayed to customers in a store. The puck assembly 302 is moveable between a rest position and a lift position. When in the rest position, the puck assembly 302 contacts the base assembly 304, as shown in FIG. 3A. When in the lift position, the puck assembly 302 separates from the base assembly 304, as shown by FIGS. 3B and 3C. FIG. 3B shows an example embodiment where a tether assembly 308 is used to physically connect the puck assembly 302 with the base assembly 304, even when the puck assembly 302 is in the lift position. A security condition signal (e.g., to indicate an unauthorized removal of electronic device 106 from the puck assembly 302) can be communicated from the puck assembly 302 via the tether assembly 308 or via wireless communication (with the base assembly 304 or with some other system). FIG. 3C shows an example embodiment of a tetherless product display assembly 100. With the example of FIG. 3C, wireless communication 310 can be used to communicate a security condition signal from the puck assembly 302 to the base assembly 304 (or to some other system).

Examples of product display assemblies 100 that can be adapted for use in the practice of the embodiments described herein are disclosed in U.S. Pat. Nos. 8,558,688, 8,698,617, and 8,698,618 and U.S. Patent Application Publication Nos. 2014/0159898 and 2017/0032636, the entire disclosures of each of which are incorporated herein by reference.

For example. FIGS. 3D and 3E reproduce FIGS. 27 and 28 from incorporated U.S. Patent Application Publication No. 2017/0032636 and show an example product display assembly 100 that is further described in the 2017/0032636 publication. The product display assembly 100 shown by FIGS. 3D and 3E include a puck assembly 302, a base assembly 304, and a tether assembly 308. A power cable 312 provides an electrical connection between the puck assembly 302 and the electronic device 106 through which the electronic device 106 can be charged. The puck assembly 302 can receive power from a power source via the base assembly 304 when the puck assembly is at rest, as shown in FIG. 3D. Contacts included on the puck assembly and base assembly (see, e.g., contact 314 shown by FIG. 3E) can contact each other when the puck assembly is at rest, thereby forming an electrical connection through which power can be delivered from a power source (not shown) to the puck assembly via the base assembly and the electrical connection formed by the contacts. When the puck assembly 302 is lifted, the contacts lose contact with each other, thereby breaking the electrical connection. Optionally, a battery or other power storage device can be included in the puck assembly 302 to store power for use by the puck assembly 302 when the puck assembly is in the lift position.

As another example, FIG. 3F reproduces FIG. 8 from incorporated U.S. Pat. No. 8,698,617 and shows an example product display assembly 100 that is further described in the '617 patent. In this view, an example product display assembly 100 is shown in an exploded manner where various components of a puck assembly 302, a base assembly 304, and a tether assembly 308 can be seen.

FIG. 3G depicts an example puck assembly 302 that includes an interface 320, security sensor 102, and security circuitry 104. These components can each be enclosed or partially enclosed within a housing of some fashion such as a plastic or composite shell. These components can also be configured to communicate with each other over a bus or similar interconnection.

Interface 320 is for interfacing a security fob 110 with the puck assembly 302. Interface 320 can be an interface type that is complementary with the interface 200 of the security fob 110. For example, if the interface 200 is mini-USB connector, then interface 320 can be a complementary mini-USB connector. As another example, if the interface 200 is an RFID chip, the interface 320 can be an RFID reader.

The security sensor 102 can be one or more sensors that are adapted to detect events such as a removal of the electronic device 106 from the puck assembly 302 or other events that may indicate a possible security condition. An example security sensor 102 can be a pressure button included on the puck assembly surface 306 that is depressed when the electronic device 106 is engaged with the puck assembly 302 but is released when the electronic device 106 is removed from the puck assembly 302. A release of the pressure button can trigger the security circuitry 104 (when armed) to generate a security conditional signal. However, it should be understood that other security sensors 102 could be employed. Another example of a security sensor 102 that can be used with product display assemblies 100 that include a tether assembly 308 can be a circuit that detects when the tether is cut or otherwise broken. Still another example of a security sensor 102 can be a position detection circuit that detects when the puck assembly 302 moves a certain distance beyond the base assembly or leaves a designated virtual fence area. For example, such a position detection circuit can rely on wireless signals and signal strength estimations to detect distances between the puck assembly 302 and base assembly 304. Still additional examples of security sensors 102 can include power draw sensors, contact closures, optical sensors for detecting objects (or the absence of objects), vibration sensors, and/or acceleration sensors.

The security circuitry 104 can be any circuitry that is configured to be (1) controllable between a plurality of security states in response to the security code 116 and (2) generate a security condition signal when appropriate (e.g., when the security circuitry 104 is in an armed state and the security sensor 102 detects a triggering event). For example, the security circuitry 104 can include switching logic and the like that is controlled based on a signal from a control processor that controls the switching logic based on whether the security code 116 has been verified. The security circuitry 104 may also include circuitry such as relay drivers, motor controls, alarming units, solenoid drivers, and/or lock actuators. Security circuitry 104 can include a processor and memory that cooperate with each other to execute one or more software programs in furtherance of the security functions described herein. Examples of such software programs are described below with reference to FIGS. 8, 13, and 16.

It should be understood that the puck assembly 302 can include components different than those shown in FIG. 3G. For example. FIG. 3H shows an example puck assembly 302 that includes additional components. The puck assembly 302 of FIG. 3H includes an additional interface 322. This interface 322 can interface the puck assembly 302 with an electronic device 106 presented to customers via the product display assembly 100. For example, the interface 322 can be a physical connector adapted for detachable connection with a power cable for providing power to the electronic device 116. Examples of such power cables are described in the above-referenced and incorporated U.S. Pat. Nos. 8,558,688, 8,698,617, and 8,698,618 and U.S. Patent Application Publication Nos. 2014/0159898 and 2017/003263.

The puck assembly 302 of FIG. 3H also includes one or more charging contacts 314. These charging contacts 314 can create an electrical connection with a power source via complementary contacts of the base assembly 304 when the puck assembly 302 is in the rest position. Examples of such charging contacts 314 are described in the above-referenced and incorporated U.S. Pat. Nos. 8,558,688, 8,698,617, and 8,698,618 and U.S. Patent Application Publication Nos. 2014/0159898 and 2017/003263.

The puck assembly 302 of FIG. 3H also includes a power storage device 330 that is charged via electricity received through the charging contacts 314 when the puck assembly 302 is in the rest position and that stores power for use by the puck assembly 302 when the puck assembly is in the lift position. The power storage device 330 can take the form of a battery (preferably a rechargeable battery) or a suitable capacitor. Examples of such a power storage device 330 are described in the above-referenced and incorporated U.S. Pat. Nos. 8,558,688, 8,698,617, and 8,698,618 and U.S. Patent Application Publication Nos. 2014/0159898 and 2017/003263.

The puck assembly 302 of FIG. 3H can also include additional circuitry 332. For example, the additional circuitry 332 can include circuitry for distributing power from the charging contacts 314 to other components of the puck assembly 302 (e.g., the security circuitry 104, interfaces 320 and 322, power storage device 330, etc.) and/or circuitry for distributing power from the power storage device 330 to other components of the puck assembly 302 (e.g., the security circuitry 104; interfaces 320 and 322). As another example, the additional circuitry 332 can include wireless communication circuitry that provides the puck assembly with an ability to wirelessly transmit security condition signals from the security circuitry 104 or otherwise wirelessly communicate with remote systems. Examples of additional circuitry 332 are described in the above-referenced and incorporated U.S. Pat. Nos. 8,558,688, 8,698,617, and 8,698,618 and U.S. Patent Application Publication Nos. 2014/0159898 and 2017/003263.

FIG. 4 shows an example embodiment of computer system 120. The computer system 120 can serve as an authorization gateway that determines whether a given security fob 110 is authorized to control the security status of a product display assembly 100. As an example, the computer system 120 can take the form of a server that includes a processor 400, a memory 402, and wireless IO 404. These components can also be configured to communicate with each other over a bus or similar interconnection. Such a server can optionally be configured as a Linux server that runs a Linux operating system.

The processor 400 and memory 402 can be any hardware devices suitable for performing the operations described herein. As an example, the processor 400 can take the form of an Atmel SAMD21 microprocessor. The memory 402 can be integral to processor 400 and/or external to the processor 400.

The memory 402 can store the authentication program 122 as well as the authorization list 124 used by the authentication program 122 when determining whether a security fob 110 is an authorized security fob. The authorization list 124 can take the form of a list of one or more fob identifiers 112 for security fobs 110 that are authorized to control the security status for the product display assembly 100. The memory 402 can also store a user management program 410 that controls how fob identifiers 112 are added to and removed from the authorization list 124. The software programs 122 and 410 can take the form of a plurality of processor-executable instructions that are resident on a non-transitory computer-readable storage medium such as memory 402. Example embodiments of software programs 122 and 410 are described below with reference to FIGS. 7, 9A, 9B, 14, and 17.

The wireless I/O 404 provides wireless connectivity with remote systems such as the security fobs 110. The wireless I/O 404 can be any wireless communication device suitable for performing the operations described herein. As an example, the wireless I/O 404 can take the form of an Atmel AT86RF212B RF transceiver, similar to that described for wireless I/O 206 of FIG. 2.

It should be understood that the computer system 120 can include components different than those shown by FIG. 4. For example, the computer system 120 can include its own interface for interfacing with interface 200 of the security fob 110 (e.g., in embodiments where interface 200 is a physical connector, the computer system's interface to the security fob can be a complementary physical connector for detachable connection interface 200). The computer system 120 could also include other input devices for interacting with software executed by the processor 400.

FIG. 5 depicts an example of a process flow 500 for a system in accordance with an example embodiment. A user such as a store manager can receive a plurality of security fobs 110, each manufactured with a static UUID (step 502). At step 504, a user such as a store manager initially connects a security fob 110 to the computer system 120, at which time the computer system 120 acquires the security fob's UUID and adds the security fob's UUID to the authorization list 124 to establish that security fob as an authorized security fob (step 506). The addition of a fob identifier to the authorization list can be referred to as “whitelisting” the security fob 110 corresponding to that fob identifier. An example procedure and corresponding technology for performing steps 504 and 506 that rely on a timed sequence of interactions between security fobs and the compute system are described in U.S. provisional patent application Ser. No. 62/323,466, filed Apr. 15, 2016 and entitled “Security Alarm Key for Retail Security Display” and in U.S. patent application Ser. No. 15/488,370, filed Apr. 14, 2017 and entitled “Authorization Control for an Anti-Theft Security System” and published as US Pat App Pub. 2017/0300721, the entire disclosures of each of which are incorporated herein by reference.

When a whitelisted or authorized security fob is connected to a puck assembly 302 (step 508), the connected security fob 110 requests authorization from the computer system 120 (step 510). This authorization request can include an identification of the connected security fob's QUID. The computer system 120 reads the fob UUID for the connected security fob (step 512) and checks the key fob's UUID against the authorization list 124 (step 514). If the subject fob UUID) is on the authorization list 124, then the connected security fob is authorized to transmit the security code 116 and arm/disarm the puck assembly's security circuitry (step 516). If the subject fob QUID is not on the authorization list 124, then no authorization is given (step 518).

FIG. 6 depicts an example process flow for software program 214 for execution by the processor 202 of security fob 110 to facilitate such an authorization arrangement. The process flow of FIG. 6 begins when the security fob 110 interfaces with a puck assembly 302 via interfaces 200 and 320. If there is a connection between interfaces 200 and 320, the security fob 110 can receive operating power from the puck assembly 302 via the connection (step 602). For example, in an example instance of a physical connection, the security fob 110 can draw current from the puck assembly 302 via the physical connection. Using such operating power, the processor 202 can wake up and execute software program 214. The security fob 110 can also be designed to have enough onboard capacitance to enable it to remained powered up during a sleep state for a desired amount of time (e.g., around 2 seconds).

After being powered up and starting execution of program 214, the processor reads the fob identifier 112 from memory 204 (step 604). At step 606, the processor attempts to establish a wireless connection with the computer system 120 via wireless I/O 206. If step 608 results in a conclusion that the wireless connection has not been established, the processor can return to step 606 to try again. As discussed below in connection with another embodiment, a practitioner may also employ additional procedures that would allow for use of the security fob 110 in certain situations where the wireless network may be unavailable. If step 608 results in a conclusion that the wireless connection has been established, the processor proceeds to step 610.

At step 610, the processor 202 instructs the wireless I/O 206 to transmit an authorization request to the computer system 120 via the wireless connection established at step 606. This authorization request will include the fob identifier 112 read at step 604. If desired, this authorization request can be encrypted by the processor 202 (e.g., AES encryption) to provide an additional layer of security (whereupon the encrypted authorization request would later be decrypted after receipt by the computer system 120). The processor 202 and wireless I/O 206 can packetize the authorization request for wireless transmission as a message to the computer system 120, and the wireless I/O 206 will wirelessly transmit this authorization request for reception by the computer system 120.

At step 612, the security fob 110 will await receipt of an authorization signal from the computer system 120 via the wireless connection in response to the authorization request sent at step 610. If the authorization signal from the computer system has been encrypted, step 612 may also include a corresponding decryption operation. The authorization signal can take the form of an authorization code that indicates to the processor 202 that the security fob 110 is approved as an authorized security fob. To facilitate this, the security fob can have the authorization code already stored in its memory 204. Then, upon receipt of the authorization signal, the processor 202 can compare the authorization code from the authorization signal with the authorization code stored in memory 204. If they are a match, the processor determines that the security fob is an authorized security fob (and the process flow proceeds to step 614). If there is not a match, the process flow can terminate or await another signal from the computer system.

At step 614, the processor 202 reads the security code 116 from memory 204. Then, at step 616, the processor 202 communicates this security code 116 to the puck assembly via the connection between the puck assembly and the security fob 110 (e.g., via the connection between interfaces 200 and 320). To further enhance the security of the system, the communication at step 616 can be an encrypted communication, and this encrypted communication employ a time-varying encryption. For example, the processor 202 can employ an encryption technique such as an encrypted I²C serial protocol for the communication between the security fob 110 and the puck assembly 302 at step 614. Further still, for a practitioner that may operate multiple stores, different encryption can be performed for different store locations (e.g., different encryption keys, different modes of encryption (e.g., electronic code book (ECB), cipher block chaining (CBC), etc.), and/or different types of encryption (e.g., AES, Triple DES, etc.).

Accordingly, it can be seen via FIG. 6 that the security fob 110 is designed to condition its release/communication of the security code 116 on a real-time, remote authorization check of that security fob 110.

It should be understood that FIG. 6 is merely an example of a process flow for execution in connection with software program 214, and a practitioner may employ alternate process flows. For example, the order of many of the steps in FIG. 6 can be changed (e.g., step 614 could be performed earlier in the process flow; step 604 could be performed between steps 606 and 610, etc.). As another example, additional steps could be employed (e.g., one or more additional steps of illuminating one or more lights 208 on the security fob 110 can be performed, such as after step 616 to notify a user that the security code 116 was sent to the puck assembly and/or after step 608 to notify a user that a wireless connection has been established, etc.).

FIG. 7 depicts an example process flow for software authentication program 122 for execution by the processor 400 of computer system 120. At step 700, the processor 400 receives the authorization request that was wirelessly transmitted by the security fob 110 via the wireless network at step 610 of FIG. 6. If the authorization request was encrypted by the security fob 110, step 700 can also include a corresponding decryption of the authorization request.

At step 702, the processor 400 checks whether the subject security fob 110 is an authorized security fob. To facilitate this check, the processor 400 can read the fob identifier 112 that is present within the received authorization request. The processor 400 can also read the authorization list 124 to identify the fob identifiers for authorized security fobs. The processor 400 can then compare the received fob identifier 112 with the fob identifiers from the authorization list 124 (step 704), and if the received fob identifier 112 matches any of the fob identifiers on the authorization list 124, the processor 400 can conclude that the subject security fob is authorized and proceed to step 706. If the received fob identifier 112 does not match any of the fob identifiers on the authorization list 124, the processor 400 can conclude that the subject security fob is un authorized and proceed to step 708.

At step 706, the processor 400 instructs the wireless I/O 404 to transmit the authorization signal to the security fob 110 via the wireless connection established at step 606 of FIG. 6. This authorization signal can include the authorization code as discussed above in connection with FIG. 6. If desired, this authorization signal can be encrypted by the processor 400 (e.g., AES encryption) to provide an additional layer of security (whereupon the encrypted authorization signal would later be decrypted after receipt by the security fob 110). The processor 400 and wireless I/O 404 can packetize the authorization signal for wireless transmission as a message to the security fob 110, and the wireless I/O 404 will wirelessly transmit this authorization signal for reception by the security fob 110.

At step 708, the processor rejects the security fob's authorization request. If desired by a practitioner, this step may also include wirelessly communicating a rejection signal to the security fob 110. However, this need not be the case.

FIG. 8 depicts an example process flow for execution at least in part by a processor within security circuitry 104 to control security status for a product display assembly 100 in response to a security fob 110. The process flow of FIG. 8 can be embodied as a plurality of processor-executable instructions that are resident on a non-transitory computer-readable storage medium such as memory that is accessible to the subject processor.

At step 800, the security circuitry 104 detects a connection with the security fob at interface 320. This detection can be performed in any of a number of ways. For example, in an example embodiment where the connection between interfaces 200 and 320 is a physical connection, a configuration resistor in the security fob 110 can be detected by the security circuitry 104 to identify the connected device as a security fob 110. Different types of devices that may be connected via interface 320 can include different values for configuration resistors to thereby allow for the security circuitry 104 to distinguish between different types of connected devices. After detecting the connected security fob, the security circuitry 104 can provide operating power to the security fob 110 through the connection. At this point, at step 804, the security circuitry awaits receipt of a security code 116 from the connected security fob 110 (while the security fob 110 and computer system 120 proceed with their authorization routine).

If the security fob 110 is disconnected from the puck assembly 302 before the security code has been received from the security fob (step 812), the process flow terminates. In example embodiments where the connection is a physical connection, step 812 would detect a physical disconnection of the security fob 110 from the puck assembly 302 via techniques such as contact closure, power presence, communication lapse, etc. In example embodiments where the connection is a wireless connection, step 812 would detect a loss of wireless connection between the security fob 110 and puck assembly 302. But, if no disconnection is detected at step 812, the security circuitry 104 continues to await the security code from the security fob 110.

If a security code 116 is received from the connected security fob 110 at step 804, then the process flow can proceed to step 806. If the security code communication from the security fob 110 is encrypted, step 804 can include a corresponding decryption operation. At step 806, the security circuitry 104 compares the received security code with a security code known by the security circuitry 104 as the authorized security code (e.g., the security circuitry 104 can maintain the authorized security code in memory). If a match is found at step 808, the security circuitry 104 adjusts the security status based on the approved security code (step 810). If the security code is a toggle code, step 810 can result in a toggling of the security status of the security circuitry 104 (e.g., transitioning from an armed state to a disarmed state or vice versa). If a match is not found at step 808, the process flow terminates. Optionally, a rejection message can be sent to the security fob 110 via the security fob-to-puck assembly connection.

FIGS. 9A and 9B illustrate how the authorization list 124 can be managed to control which security fobs 110 are authorized (or de-authorized) with respect to controlling the security status of a product display assembly 100. FIG. 9A shows an example authorization list 124 that identifies the fob UIDs for a number of authorized security fobs. Through execution of a user management program 410, the computer system can add and/or remove a given security fob's fob UID to/from the authorization list 124. By way of example, FIG. 9A shows a step 900 where a user deletes Key Fob2's fob UID from the authorization list (where the updated authorization list 124 is shown below step 900). Once a security fob has been removed from the authorization list 124, the computer system's authentication program 122 will no longer authorize that security fob when it sends an authorization request.

FIG. 9B depicts an example process flow for the user management program 410 for execution by processor 400 of computer system 120. The process flow of FIG. 9B can be embodied as a plurality of processor-executable instructions that are resident on a non-transitory computer-readable storage medium such as memory 402.

At step 910, the processor 400 receives user credentials from a user (e.g., a user ID and password). At step 912, the processor checks these user credentials to determine whether the user is authorized to manage the authorization list. If yes, the process flow proceeds to step 914. At step 914, the processor awaits receipt of a command from the user through the software program. Examples of user commands that can be received include a user command corresponding to a request to add a security fob to the authorization list, a user command corresponding to a request to delete a security fob from the authorization list, and a command to exit the user management program 410.

Upon receipt of an “add fob” command at step 914, the processor performs an “add fob” operation with respect to the authorization list. At step 916, the processor receives a fob identifier 112 for a security fob to be added to the authorization list. This step can be performed in any of a number of ways. For example, the user could potentially manually enter the fob identifier 112 for the subject security fob 110. As another example, the computer system 120 and user management program 410 can include a reader function where the computer system includes an interface through which the reader reads the subject security fob's identifier 112. The user could then connect the subject security fob with this interface, whereupon the computer system reads the fob identifier 112 from the connected security fob.

Next, at step 918, the computer system adds the received fob identifier to the authorization list 124, thereby authorizing the subject security fob 110 for use in controlling the security status of the product display apparatus 100.

It should also be understood that the sequence of steps 910-918 could be replaced or complemented with the fob management techniques described in the above-referenced and incorporated U.S. provisional patent application Ser. No. 62/323,466, filed Apr. 15, 2016 and entitled “Security Alarm Key for Retail Security Display” and in U.S. patent application Ser. No. 15/488,370, filed Apr. 14, 2017 and entitled “Authorization Control for an Anti-Theft Security System” and published as US Pat App Pub. 2017/0300721. With this approach, the authorized user can employ a manager fob that is first connected to the computer system's interface. The computer system would then validate this manager fob as an authorized manager fob. This would start a timer that defines a time window during which the user would need to connect the subject security fob 110 that is to be added to the authorization list to the computer system's interface. If the user connects the subject security fob to the computer system's interface within this time window, the fob identifier of the connected security fob is read and added to the authorization list 124.

Upon receipt of a “delete fob” command at step 914, the processor performs a “delete fob” operation with respect to the authorization list. At step 920, the computer system can present a list of the authorized security fobs to the user. This can involve a graphical display of at least the fob identifiers for the authorized security fobs (see FIG. 9A above step 900). However, it should be understood that the display could include additional information, such as the names of any particular users who are associated with each security fob (e.g., John Smith might be assigned with Security Fob 1 while Jane Doe might be assigned with Security Fob 2, etc.).

At step 922, the computer system receives an identification from the user of the security fob to be deleted from the authorization list. This identification can be provided via any suitable input technique such as point and click operations with a mouse, touch/tap operations via a touchpad, keyboard inputs, etc. Then, at step 924, the computer system removes the fob identifier corresponding to the security fob identified at step 922 from the authorization list 124.

Upon receipt of an “exit” command at step 914, the processor can end the user management program 410.

In scenarios where a manager wants to delete the entire authorization list, it should also be understood that the sequence of steps 910-914 and 920-924 could be replaced or complemented with the fib management techniques described in the above-referenced and incorporated U.S. provisional patent application Ser. No. 62/323,466, filed Apr. 15, 2016 and entitled “Security Alarm Key for Retail Security Display” and in U.S. patent application Ser. No. 15/488,370, filed Apr. 14, 2017 and entitled “Authorization Control for an Anti-Theft Security System” and published as US Pat App Pub. 2017/0300721. With this approach, authorization list deletion can be accomplished in response to the manager fob being connected to the computer system's interface in accordance with a defined sequence (e.g., connecting the manager fob, disconnecting the manager fob, and then re-connecting the manager fob during a defined time window without any intervening connections with one or more other security fobs).

Accordingly, it can be seen that the system described herein provides a flexible and easy-to-use manner for managing authorized security fobs that reduces any potential needs for reprogramming the security fobs themselves and/or re-programming the product display assemblies themselves as the persons employed at a retail store change over time. If a security fob is lost by an employee or kept by a departed employee, a manager only needs to update the authorization list 124 via the user management program 410 to maintain security. There is no need for all of the security fobs and/or all of the product display assemblies to be re-programmed with new security codes.

Moreover, as mentioned above, the system may employ an alternate security control technique via the security fobs that provides an ability to control security status during specific situations such as time periods where the wireless network is down such that security fob identifiers 112 cannot be communicated wirelessly to the computer system 120. To provide this flexibility, the security fobs 110 may be provided with a defined number of override tokens. An override token can be embodied in any of a number of ways within security fob memory 202 such as data bits that identify a count of how many override tokens are present on the security fob. A security fob 110 that includes an override token is effectively able to control the security status of the product display assembly regardless of whether the computer system authorizes that security fob. Thus, the override tokens are a way for the system to provide a security fob with a number of “free” security toggles that are not dependent on receiving authorization from the computer system 120.

As an example, a given security fob 110 may be provided with three (3) override tokens. A record of these override tokens can be maintained in memory 204. In this instance, if the security fob 110 cannot receive an authorization response from the computer system (e.g., a wireless connection cannot be established between the security fob 110 and the computer system 120), and if that security fob has at least one override token stored in its memory, then the security code 116 will be communicated to the puck anyway. When an override token is used in this manner, the security fob will decrement the number of override tokens stored by the subject security fob by “one.” Accordingly, the override tokens can serve as a useful backup in times when the wireless network may be down or other technical problems arise because there may still be a need to arm/disarm product display assemblies during such times. Furthermore, user management program 410 can be used to manage how many override tokens are provided to the security fobs.

FIGS. 10 and 11 depict an example process flow and system diagram for a scenario where the security fobs can accommodate override tokens. Each security fob functions as a wireless node that can communicate to the computer system 120 (e.g., gateway device or a gateway/server indicated at 1100 in FIG. 11) when powered on. The security fob contains circuitry necessary to support two basic communication paths as discussed above and below.

The first communication path 1102 involves the security fob being a wireless node that can communicate with the gateway and server (linux server). The second communication path 1104 is an encrypted protocol (e.g., an I²C serial protocol) between the security fob and product display assembly (e.g., puck assembly).

As indicated in the above general description, the security fob does not store any programmed or dynamic authorization security codes. Security implementation is always enforced via real-time communication/check-in with the gateway/server 1100. In other words, security is not managed by the key fob but by the gateway/server 1100. Due to the potentially sensitive communication that may happen over wireless links, all wireless communications are preferably AES encrypted. Also, due to the nature of wireless networks, an optional repeater wireless node may need to be part of the system.

The security fob can be a passive device that is powered by either the puck or the gateway/server, depending on which device the security fob is connected to. When so connected, the security fob will harvest enough power for all required security fob operations/authentication. The security fob can have a green and red LED which will be used to indicate to the user whether the security fob is an approved device, as well as signaling a successful arm/disarm action with the product display assembly. Also, the network parameters used for the wireless network communications can be transferred to the security fob when connected to the gateway/server and stored in non-volatile memory.

In this example, the security fob will have an override token setting that can transferred via command from a management portal for the computer system executing user management program 410, where this command can set the number of override tokens to any number from 0 to N (e.g., where N=100). The default setting of override tokens can be 0. The override token number correlates to the number of authorized uses available to the security fob in the event of wireless communication failures. When override tokens are used, the number will be decremented, for each use, until it reaches 0, in which case the security fob is rendered inactive unless authorized via authentication program 122. A method can be provided for renewing override tokens by plugging in the security fob to the gateway and issuing renewed override tokens via the gateway management portal.

A wireless repeater may be provided as an optional accessory that may or may not be required, depending on customer/installation specific parameters and variables. The repeater can be designed using an Atmel SAMD21 uProcessor for all computational functions, and it can use an Atmel AT86RF212B RF transceiver for wireless transmission.

As indicated in the FIG. 11 schematic, the gateway device 1100 may include an embedded Linux server system 1110 that has an on board Linux-compatible server that runs an ARM based processor. It will have adequate storage space for the operating system and applicable database. The functional specifications for the gateway device can be as follows:

-   -   Upon boot the gateway device will have 3 modes of simultaneous         operation. These modes are (1) checking for a physical security         fob connection; (2) checking status with the Linux server;         and (3) listening for wireless communications.     -   For server communication mode the gateway device will         communicate via SPI bus as the slave:         -   Upon boot, the gateway device will have a null whitelist of             security fob UUIDs. It will begin by pinging the Linux             server periodically, over the SPI bus, requesting the latest             whitelist until it gets a response.         -   Once the gateway device has received a valid whitelist, the             gateway device will relinquish communication requests to the             Linux server.         -   The gateway device will respond to all command/status             requests from the Linux server.     -   For connected security fob/repeater communications, the gateway         device will:         -   Upon boot, the gateway device will periodically and             continuously send an encrypted request message on the I²C             bus and check for a valid response.         -   When a valid response is received, the response will             identify the connected device as a security fob or repeater.         -   If a repeater, the gateway device will transfer the current             network parameters to the repeater.         -   If a security fob, the gateway device will request the             security fob's QUID, and then transfer the network             parameters to the security fob. Optionally, the user will             have the option to transfer/renew any desired override             tokens.             -   The gateway device will then alert the server to the                 presence of a connected security fob and transfer the                 security fob's UUID to the Linux server.         -   The gateway device will then begin periodically checking for             a connected device again.     -   For wireless communication:         -   The gateway device will setup wireless communication upon             boot.         -   The gateway device will continually listen for any wireless             communication requests from a security fob.         -   When the gateway device receives an authentication request             from a security fob, it will check the security fob's UUID,             which was sent with the request, against the whitelist.         -   If the security fob UUID is on the whitelist, the gateway             device will send an authorized response back to the security             fob.         -   If the security fob UUID is NOT on the whitelist, the             gateway will send an unauthorized response back to the             security fob.

The Linux server system 1100 can support a SPI serial interface for gateway communications. The Linux server 1100 can host a small database that will be leveraged for an Access Control management portal. The database will store whitelisted security fob UUIDs as well as a log of all transactional authentication requests. Each whitelisted UUID can be stored with an optional “friendly name” parameter to make management for the end user easier.

The Linux server can also host a local web GUI that will be available via Ethernet or WiFi. The web GUI may be available directly by adding an optional monitor/keyboard/mouse if Ethernet/WiFi connectivity is not available. The web GUI can serve as the management portal interface for the end user to administer all Access Control management. The functional parameters of the Linux server can be as follows:

-   -   Upon boot the Linux server will load a locally hosted web GUI.     -   The Linux server will initialize the server's database of         whitelisted key fob UUIDs and associated settings (friendly name         and override token setting).     -   The Linux server will initialize the server's SPI interface to         the gateway device.     -   Once all functions on the server are loaded and initialized, the         Linux server will wait for commands from a user via management         portal, a whitelist request from the gateway device or an alert         from the gateway device that a security fob has been connected.         During this wait state the Linux server will also ping the         gateway device every 1 second, to ensure a functional SPI bus         and reflect this online/offline status via indicator on the         management GUI.     -   If the user changes the database of UUIDs the Linux server will         transfer the new whitelist to the gateway device via the SPI         bus.     -   The management portal web GUI will provide visibility to all         currently whitelisted security fobs, a window for authentication         logs and a window for displaying a currently connected security         fob and its associated settings.

As described above, each security fob can be manufactured with a permanent UUID number. The security fob can have two modes depending on which hardware it has been plugged into (position vs gateway). When plugged into the gateway device, the security fob can operate as follows:

-   -   The gateway device provides power to the key fob thereby         allowing the key fob to power up.     -   The gateway device initiates communications over the PC bus         thereby allowing the security fob to determine if it is plugged         into a position or gateway.     -   The security fob transfers its QUID upon request of the gateway         device.     -   The gateway device transfers network parameters to the security         fob.     -   At user discretion, the gateway device transfers any override         tokens to the security fob.     -   The security fob blinks green LED after successful QUID and         network parameter transfer. If there is an error in transferring         UUID/network parameters then the security fob blinks red and         requires removal and reinsertion.

When plugged into the gateway device, the security fob operates as follows: When plugged into a product display assembly (which can be referred to as a “position”), the security fob operates as follows:

-   -   The position provides power pulse to the security fob allowing         the security fob to power up.     -   The position sends an initial encrypted I²C message following         application of power. This allows the security fob to know it         has been plugged into the position.     -   The security fob sends an encrypted I²C acknowledgement message         indicating that the security fob has been connected, which         prompts the position to enable indefinite power application to         the security fob.     -   The security fob initializes wireless circuitry and queries the         gateway for Access Control status.     -   The security fob will either receive an authorized or         unauthorized reply from the gateway device indicating if the         security fob is approved/whitelisted or not.     -   The security fob will then store authorization status in         volatile memory and go to sleep.     -   The position will remove persistent power once it detects the         security fob has gone to sleep and initiate power pulsing mode.     -   Upon the next power pulse from the position, the security fob         will wake up.     -   The position sends an encrypted I²C message shortly after         sending the power pulse.     -   If the security fob is successfully authorized, it will reply to         the encrypted I²C message with an arm/disarm toggle command. The         security fob will then turn the green LED indicator and remain         in this state until removed from the position. If the security         fob was not successfully authorized, it will turn on the red LED         and remain in this state until removed from the position.     -   In the event that wireless communications fail, the security fob         will check the override token setting, and if the token setting         is 0, the security fob will turn LED red and remain in this         state without performing any action with position. If there are         any number of override tokens greater than zero, the security         fob will decrement the override token by 1 and issue an         authorized arm/disarm command to the position. The security fob         will then turn the green LED indicator on and remain in this         state until removed from the position.

Also, while the example embodiments described above rely on a wireless communication capability of the security fob 110 for achieving authentication via the computer system 120, it should be understood that other approaches could be used. For example, if the product display apparatus 100 includes its own wireless communication capability, then the need for security fob to maintain its own separate wireless communication capability could be eliminated if desired by a practitioner. Thus, if the product display assembly 100 includes its own wireless I/O that is capable of establishing a wireless connection with the computer system 120, then the security fob 110 can omit wireless I/O 206. With such a design, the communications between the security fob 110 and the computer system 120 can be routed through the product display assembly 100 to which the security fob 110 is connected. FIGS. 12-14 depict example process flows for an example of such an approach. FIGS. 15-17 depict example process flows for another example of such an approach.

FIG. 12 depicts an example process flow for software program 214 where steps 606-612 from FIG. 6 are replaced with steps 1200 and 1202. Rather than having the security fob 110 establish a wireless connection with the computer system 120, the security fob 110 can communicate its fob identifier 112 to the product display assembly 100 to which it is connected (step 1200). Also, rather than receive the authorization signal from the computer system 120 via a wireless connection, the security fob 110 can receive the authorization signal indirectly from the computer system 120 via the product display assembly 100 to which it is connected (step 1202).

FIG. 13 depicts a corresponding process flow for the security circuitry 104 that is similar in nature to FIG. 8, but layers in additional operations relating to establishing a wireless connection with the computer system 120 and relaying messages between the computer system 120 and connected security fob 110. At step 1300, the security circuitry 104 receives the fob identifier 112 that was communicated to it as a result of step 1200 from FIG. 12. The security circuitry 104 also establishes/checks the wireless connection with the computer system 120 at steps 1302 and 1304 and instructs its wireless I/O to wirelessly transmit the authorization request to the computer system 120 at step 1306. These steps are similar in nature to steps 606-610 from FIG. 6 but performed by the security circuitry 104 rather than security fob 110. At steps 1308 and 1310, the security circuitry receives the authorization signal from the computer system 120 and relays it to the connected security fob 110. Accordingly, it can be seen that the product display assembly 100 can serve as a conduit for communications between the security fob 110 and the computer system 120.

FIG. 14 depicts a corresponding process flow for authentication program 122 that is similar in nature to FIG. 7, but replaces the communications with the security fob from FIG. 7 (see steps 700 and 706 from FIG. 7) with communications with the product display assembly 100 (see steps 1400 and 1402).

Thus, with the approach of FIGS. 12-14, the security fob 110 is able to leverage the wireless communication capabilities of the product display assembly to support its operations, such that security code 116 is not output from the security fob 110 until the authorization signal is received from the computer system 120 (indirectly, via the product display assembly). An example system in accordance with the approach of FIGS. 12-14 is shown by FIG. 18. The approach of FIGS. 15-17 is similar to that of FIGS. 12-14 but avoids the need for the security fob 110 to maintain or output the security code 116. With the approach of FIGS. 15-17, the security fob 110 leverages the wireless communication capabilities of the product display assembly and the authorization signal from the computer system itself contains the security code, which means the return loop through the security fob can be omitted. An example system in accordance with FIGS. 15-17 is shown by FIG. 19.

FIG. 15 depicts an example process flow for the security fob 110 that is similar in nature to that of FIG. 12 but omits steps 1202, 614, and 616 from FIG. 12. As an example, a security fob 110 that can be used to implement the FIG. 15 process flow can be a simple badge or card with an RFID chip. The RFID chip can be energized when in proximity to an RFID reader that emits a field over a short range, and energization of the RFID chip can cause the chip to emit its identifier. FIG. 16 depicts an example process flow for the security circuitry 104 that is similar in nature to FIG. 13 but where the authorization signal received from the computer system 120 (see step 1600) includes the security code 116 (see authorization signal 1900 in FIG. 19). Accordingly, the need for the extra communication steps where the product display assembly passes the authorization signal to the security fob and the security fob returns the security code can be replaced with a more direct path where the authorization signal from the computer system 120 itself includes the security code 116. Thus, at step 1602 shown by FIG. 16, the processor within the security circuitry 104 compares the security code 116 within the received authorization signal with the authorized security code to support a determination as to whether a match exists. FIG. 17 depicts a corresponding process flow for authentication program 122 that is similar in nature to FIG. 14, but where the authorization signal will include the security code 116 (see step 1700).

Examples of security circuitry 104 are shown by FIGS. 20-21 and 23-25. FIG. 20 shows an overview of the security circuitry 104. FIG. 21 shows a local processing unit that can be included with the security circuitry 104, where the local processing unit can be programmed receive a fob identifier 112 (via the interface shown by FIG. 22), wirelessly communicate the fob identifier 112 to the computer system 120, and then receive and process an authorization signal 1900 from the computer system 120 that includes security code 116. Upon verification of the authorization signal 1900 and security code 116, the local processing unit can control various security functions such as an alarm driver (see FIG. 23), a lock controller/sensor (see FIG. 24), and/or an LED interface (see FIG. 25). This arrangement would be consistent with the embodiment of FIGS. 15-17 and 19. It should be understood that part of the functions provided by the local processing unit of FIG. 21 could be deployed in the security fob 110 in the embodiment of FIG. 1.

Still other variations relative to the foregoing example embodiments can be employed by practitioners. For example, while the example embodiments discussed above describe the procedures attendant to the process flows of FIGS. 8, 13, and 16 being performed by the puck assembly 302 in response to the security fob 110 being connected to an interface 320 resident on the puck assembly 302, it should be understood that other variations can be employed. For example, a processor or corresponding circuitry can be deployed in the base assembly 304 to perform the process flows of FIGS. 8, 13 and/or 16. Also, the interface 320 can be resident in the base assembly 304 rather than the puck assembly 302 if desired by a practitioner. To the extent there would be a need to communicate security status to components in the puck assembly 302, such communications could be achieved via the connection between the puck assembly 302 and the base assembly 304 when the puck assembly 302 is at rest, or they could be achieved via wireless communication between the puck assembly 302 and base assembly 304. Further still, if the product display assembly 100 is designed as a one-piece unit such that there are not separate puck and base assemblies, it should be understood that the security circuitry 104 can be resident in any suitable location of the product display assembly 100.

As another example of an alternate embodiment, the security code 116 need not be pre-stored by the security fobs 110. Instead, the authorization signal 114 could be the mechanism by which the security code 116 is provided to the authorized security fobs 110 for forwarding to the product display assembly 100.

In yet another alternate embodiment, the security circuitry 104 can be configured to store a cache of whitelisted/authenticated fob identifiers 112 in its memory. This cached memory can then be leveraged to perform authentications locally within the security circuitry 104 itself, thereby avoiding a need to establish a wireless connection with the computer system 120 each time that a connection is made with a security fob. With such a design, the security fob 110 can provide its fob identifier 112 to the security circuitry after connection is established between interfaces 200 and 320. If the authentication cannot be made based by the security circuit 104 based on the cache, then the process flow would proceed through the computer system 120 as described herein. A practitioner could program the security circuitry 104 to purge the cache of authorized fob identifiers according to a desired protocol (e.g., nightly, weekly, each time an employee departs, etc.).

In yet another alternate embodiment, the computer system 120 can be configured to push copies of the authorization list 124 down to the local memories in the product display assemblies 100 in order to obviate the need for an on-line wireless connection between security fobs 110 and the computer system 120. Copies of the authorization list 124 can be transferred from the computer system 120 to the product display assemblies 100 via a wireless connection between the two (e.g., a wireless network). Alternatively, the transfer can be performed using a memory device or the like (e.g., a security fob used by a store manager where the fob includes memory that stores the authorization list 124), where the memory device is physically connected to the product display assembly 100 (e.g., via interface 320) so that the authorization list 124 can be loaded into the local memory of the product display assembly 100. With such an arrangement, the authentication program 122 could also be stored in the local memory for execution locally at the product display assembly 100.

Also, as indicated above, the security fobs 110 can take any of a number of forms, including embodiments where the security fobs 110 are mobile computing devices such as smart phones or tablet computers. With such an approach, the system is able to leverage the native wireless networking capabilities of the smart phones and tablet computers to connect with the product display assemblies 100 (e.g., using techniques such as Bluetooth, Near Field Communication (NFC), or short-range Wi-Fi) and with computer system 120 (e.g., using techniques such as Bluetooth, Near Field Communication (NFC), short-range Wi-Fi, or even using longer range wireless networking techniques). A mobile app could be loaded on the smart phone or tablet computer to provide the smart phone or tablet computer with the functionality described herein for connecting to other components in the system and sending security commands to desired product display assemblies.

Further still, with respect to any of the foregoing embodiments, alternate anti-theft security systems can be used in place of or in conjunction with the product display assembly 100. For example, the anti-theft security systems can include cabinets, boxes, bins, and/or containers that are protected from open access via locks and the like. As an example, the security circuitry 104 discussed herein could be incorporated in such cabinets, boxes, bins, and/or containers (e.g., deployed within the locks that regulate access to the cabinets, boxes, bins, and/or containers).

While the invention has been described above in relation to its example embodiments, various modifications may be made thereto that still fall within the invention's scope. Such modifications to the invention will be recognizable upon review of the teachings herein. 

What is claim is:
 1. A method for overriding a failed connection between a security fob and a computer system that authorizes security fobs to arm/disarm a product display assembly that displays a product, the method comprising: wirelessly sending a fob identifier from a security fob that stores the fob identifier, a security code, and a finite number of override tokens to the computer system; wirelessly sending the security code from the security fob to the product display assembly as a result of the security fob not receiving an authorization signal from the computer system; changing the security status of the product display assembly from an armed state to a disarmed state or from the disarmed state to the armed state in response to the product display assembly receiving the security code from the security fob; and decrementing the finite number of override tokens stored in the security fob.
 2. The method of claim 1 wherein the security fob does not send the security code when the finite number of override tokens is zero.
 3. The method of claim 1 wherein each override token of the finite override tokens authorizes the security fob to wirelessly send the security code to the product display assembly to control the security status of the product display assembly.
 4. The method of claim 1 wherein wirelessly sending the security code comprises wirelessly sending the security code from the security fob to the product display assembly when the finite number of override tokens stored in the security fob is greater than zero.
 5. The method of claim 1 wherein the finite number of override tokens correlates to a number of authorized uses available to the security fob when wireless communication between the security fob and the computer system fails.
 6. The method of claim 1 further comprises inactivating the security fob when the finite number of override tokens equals zero.
 7. The method of claim 1 further comprises renewing the finite number of override tokens by plugging the security fob into the computer system and issuing a renewed finite number of override tokens via a management portal of the computer system. 